How severe is CVE-2023-2804?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-2804?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2023-2804 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.

Related Vulnerabilities

CVE-2018-14653

MEDIUM

CVSS:6.5(Medium)

The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated at...

CWE-1222018

CVE-2022-39068

MEDIUM

CVSS:6.5(Medium)

There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service...

CWE-1222022

CVE-2023-0666

MEDIUM

CVSS:6.5(Medium)

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code ex...

CWE-1222023

CVE-2023-0667

MEDIUM

CVSS:6.5(Medium)

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, an...

CWE-1222023

CVE-2023-28798

MEDIUM

CVSS:6.5(Medium)

An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution.

CWE-1222023

CVE-2023-3180

MEDIUM

CVSS:6.5(Medium)

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in vir...

CWE-1222023